Rule Update
20-060 (01 December 2020)
Publish Date: 01 December 2020
Description
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
DCERPC Services - Client
1010585 - Identified Possible Ransomware File Extension Create Activity Over Network Share - Client
Directory Server LDAP
1010640* - Identified Remote Account Discovery Over LDAP (ATT&CK T1087)
1010433* - Identified Remote System Discovery Over LDAP (ATT&CK T1018)
Java RMI
1010579* - Adobe ColdFusion 'DataServicesCFProxy ROME' Framework Insecure Deserialization Vulnerability (CVE-2018-4939)
NFS Server
1010605* - Microsoft Windows Network File System NLM RPC Message Information Disclosure Vulnerability (CVE-2020-17056)
Suspicious Server Application Activity
1010644 - Identified HTTP Trojan-Downloader.Shell.Lightbot.A C&C Traffic Request
Web Application Common
1010635* - Jenkins Groovy Plugin Sandbox Bypass Vulnerability (CVE-2019-1003030)
Web Server Common
1010630* - Trend Micro InterScan Web Security Virtual Appliance Command Injection Vulnerability (CVE-2020-8605)
Web Server Oracle
1010625* - Oracle WebLogic Server IIOP Protocol Insecure Deserialization Vulnerability (CVE-2020-14825)
1010587* - Oracle WebLogic Server IIOP Protocol Remote Code Execution Vulnerability (CVE-2020-14841)
1010624* - Oracle WebLogic Server T3 Protocol Insecure Deserialization Vulnerability (CVE-2020-14825)
1010588* - Oracle WebLogic Server T3 Protocol Remote Code Execution Vulnerability (CVE-2020-14859)
Zoho ManageEngine
1010612* - Zoho ManageEngine Applications Manager SQL Injection Vulnerability (CVE-2020-15927)
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
1010141* - Microsoft Windows - Export Certificate and Private Key